Accenture Confirms Breach After Hacker Claims Source Code Theft
Accenture confirmed an isolated data breach after a hacker on PwnForums claimed to have stolen about 35 GB of internal files, including source code, Azure access keys and cryptographic keys.
Accenture confirmed a data breach after a user on the PwnForums hacking forum posted that roughly 35 gigabytes of internal files were exfiltrated earlier this month. The actor posted a screenshot of a private Azure DevOps repository on an accenture.com domain and offered the files for sale. The alleged haul includes source code, Azure access keys and tokens, configuration files, and RSA and SSH keys.
Accenture stated it has identified and remediated the source of the incident and that there is no impact to its operations or service delivery. The company did not provide details on how the data was taken, whether any personal information was exposed, or which internal systems were affected.
Valid access keys and tokens can grant control over cloud resources if they are not rotated or revoked. Source code and configuration files can reveal internal settings, authentication methods and potential vulnerabilities that attackers could examine or attempt to reuse in other environments.
Ross Filipek, chief information security officer at Corsica Technologies, cautioned that breaches at large consulting firms can have wider implications because such firms often connect to client cloud environments and enterprise systems. He noted that a successful compromise can reveal how systems are built, how teams authenticate and where trusted connections exist.
Responding to incidents of this type typically involves rotating keys and passwords, auditing access logs and notifying affected clients when their systems or data may be at risk.
Accenture did not provide a timeline for notifying clients or for releasing further findings. Investigations of this kind can take days or weeks as forensic teams determine what was taken, how access was gained and whether additional remediation is needed.
The company has faced scrutiny over security matters before, including a case last year in which a former employee was charged over concealing compliance problems in cloud products used by government customers. Accenture also recently announced a majority stake in industrial cybersecurity firm Dragos.




